0

Is it unsafe if, under single user mode, root password can be reset?

Then everyone can reset my root password!

fluency03

1 Answer

3

You're right that runlevel 1 or "single user mode" can be used to reset the root password since it automatically logs in root. In fact, it is very well documented: http://fedoraproject.org/wiki/How_to_reset_a_root_password

This is a basic part of the Linux operating system and is used in recovery scenarios only. That's why one of the basic security measures to take is physically securing access to the box so that another user can't maliciously do that.

Also remember that there will be audit logs showing what happened, and, of course, your root password will be changed. If you're worried about someone in your organization doing this, you need to lock your door. (This is why server rooms are usually locked with a higher level of security than most places in the building. Physical access = free rein.)

A couple more thoughts if you're really SERIOUS about protecting your machine:

  • As stated earlier, lock down physical access to the box.
  • Use a BIOS password.
  • Use a utility similar to the now-defunct TrueCrypt to encrypt your boot partition.
Rick Chatham
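
The answer points out that a single-user-mode reset leaves the root password changed. As an added example (not part of the original answer), this shell script compares root's entry in a shadow-format file with a previously recorded baseline; the function names, the baseline file and the sample hashes are hypothetical, and real use would read /etc/shadow as root.

```shell
#!/bin/sh
# Added example (not from the original answer): notice a root password reset
# by comparing root's entry in a shadow-format file with a recorded baseline.
# shadow(5) fields used: 1=name, 2=password hash, 3=last change (days since epoch).

# Print "<lastchg> <sha256 of the hash field>" for root; return 2 if no root entry.
root_fingerprint() {
    entry=$(grep '^root:' "$1") || return 2
    hash=$(printf '%s' "$entry" | cut -d: -f2)
    lastchg=$(printf '%s' "$entry" | cut -d: -f3)
    digest=$(printf '%s' "$hash" | sha256sum | cut -d' ' -f1)
    printf '%s %s\n' "$lastchg" "$digest"
}

# check_root_password SHADOW_FILE BASELINE_FILE
# Returns 0 if unchanged, 1 if the entry differs, 2 on missing input.
check_root_password() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    current=$(root_fingerprint "$1") || return 2
    baseline=$(cat "$2")
    if [ "$current" = "$baseline" ]; then
        echo "root entry matches baseline"
        return 0
    fi
    echo "ALERT: root password entry changed"
    echo "  last change field: baseline=${baseline%% *} current=${current%% *}"
    return 1
}

# Demo on constructed data (hypothetical hashes, not real credentials).
demo() {
    dir=$(mktemp -d)
    printf 'root:$6$saltA$constructedhashA:19000:0:99999:7:::\n' > "$dir/shadow.before"
    printf 'root:$6$saltB$constructedhashB:19500:0:99999:7:::\n' > "$dir/shadow.after"
    root_fingerprint "$dir/shadow.before" > "$dir/baseline"
    before=0; check_root_password "$dir/shadow.before" "$dir/baseline" || before=$?
    after=0; check_root_password "$dir/shadow.after" "$dir/baseline" || after=$?
    rm -rf "$dir"
    echo "before=$before after=$after"
}
demo
```

Comparing the digest as well as the last-change field catches a hash edited directly in the file, which does not update field 3. Keep the baseline off the host, since anyone with single-user root can rewrite a local copy.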